Security researchers have spotted a new variant of the Mirai malware that focuses on infecting IoT and networking equipment with the main purpose of turning these devices into a network of proxy servers used to relay malicious traffic.

The operators of at least one Tor proxy service was recently caught replacing Bitcoin addresses on ransomware ransom payment sites, diverting funds meant to pay for ransomware decrypters to the site's operators.

A botnet made up of IoT devices is helping hackers mask attacks on web applications, acting as a relay point for SQL injection (SQLi), cross-site scripting (XSS), and local file inclusion (LFI) attempts.

Researchers at Akamai have identified a botnet of over 14,000 IP addresses used in malware distribution operations. The botnet is still up and running, and experts believe it will be hard to take it down because its operators are employing a clever technique called Fast Flux.

A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that he uses to turn infected devices into SOCKS proxies and carry out credential stuffing attacks.

A bill that bans the use of proxies, Tor, and VPNs passed the Russian government's two legislative bodies and has now reached the desk of President Vladimir Putin, who can now sign it into law just by a stroke of his quill.

WikiLeaks published today the manual of another CIA hacking tool part of the Vault 7 leak series. This tool is referenced internally at the CIA under the name of HighRise and is an Android application for intercepting and redirecting SMS messages to a remote web server.

Last week, McAfee released a tool named AmIPinkC2, a Windows command-line application that removes remnant files of Pinkslipbot infections that allow the malware to continue to use previously infected computers as proxy relays, even if the original malware's binary has been cleaned and removed from infected hosts.

Security researchers have uncovered a new trojan that targets Linux devices that is capable of transforming infected machines into proxy servers and relay malicious traffic, hiding the true origin of attacks or other nefarious activities.